RSS   Podatności dla 'Discuzx'   RSS

2018-04-22
 
CVE-2018-10298

CWE-79
 

 
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.

 
 
CVE-2018-10297

CWE-79
 

 
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.

 
2018-01-12
 
CVE-2018-5377

CWE-862
 

 
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.

 
 
CVE-2018-5376

CWE-79
 

 
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.

 
 
CVE-2018-5375

CWE-79
 

 
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.

 
2018-01-10
 
CVE-2018-5331

CWE-79
 

 
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.

 
2018-01-08
 
CVE-2018-5259

CWE-noinfo
 

 
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.

 

 >>> Vendor: Discuz 4 Produkty
Discuz gbk
Discuz!
Ucenter home
Discuzx


Copyright 2024, cxsecurity.com

 

Back to Top